From: Declan McCullagh <declan@well.com>
Date: Sat, 10 May 1997 09:05:31 +0800
To: cypherpunks@toad.com
Subject: Bill of Goods, from The Netly News Network
Message-ID: <v03007805af99743aebb7@[168.161.105.191]>
MIME-Version: 1.0
Content-Type: text/plain



************

http://pathfinder.com/netly/editorial/0,1012,931,00.html

The Netly News Network
http://netlynews.com/
May 9, 1997

Bill of Goods
by Declan McCullagh (declan@well.com)

     Senate Democrats are preparing legislation that
requires universities and other groups receiving
Federal grants to make their communication networks
snoopable by the government, The Netly News has
learned. The draft also includes penalties for
"unauthorized breaking of another's encryption codes,"
and restrictions on importing encryption products.

     At a Democratic leadership press briefing, Sen.
Bob Kerrey (D-Neb.) yesterday said his bill slightly
relaxed export rules in exchange for greater federal
control over crypto imports. But what he appears to be
truly aiming for is a full-scale assault on your right
to use whatever encryption software you want in your
own home.

     Academics are indignant over the strings attached
to grants. "This is outrageous," says Dave Farber, a
university professor at the University of Pennsylvania
and an EFF board member. "It's going to generate
roaring screams on campus. If you look at Internet II,
if you look at the Next Generation Internet, if you
look at campus networks -- all those have components
of federal funds."

     It's diabolical. Researchers already have to
comply with a legion of rules to qualify for grants.
Kerrey's proposed bill, called "The Secure Public
Network Act," would add yet another provision to the
fine print. It requires that "all encryption software
purchased with federal funds shall be software based
on a system of key recovery" and "all encrypted
networks established with the use of federal funds
shall use encryption based on a system of key
recovery." Key recovery, or key escrow, technology
enables law-enforcement officials to obtain copies of
the mathematical keys needed to decipher messages. In
other words, someone else keeps a copy of your secret
key -- and some proposed bills say that the cops may
not even need a search warrant to seize it.

     And not just universities will be jump-starting
the market for domestic key escrow. Organizations from
defense contractors to the United States Institute of
Peace to the American Red Cross receive federal
monies.

     "This is out-and-out industrial policy," says Jim
Lucier of Americans for Tax Reform. "It's going to
affect every technology there is for doing business on
the Net."

     What about the penalties for "unauthorized
breaking of another's encryption codes?" That would
criminalize cryptanalysis, the way to verify the
security of encryption software you buy. "The only way
to know the strength of a cipher is cryptanalysis,"
says Marc Briceno, a cryptography guru at Community
ConneXion.

     Then there's Kerrey's statement saying "there
will be" restrictions on what encryption products
you're permitted to buy from overseas firms. This
contradicts Justice Department official Michael Vatis,
who told me at a conference this year that the Clinton
administration did not want import controls. Though
Cabe Franklin, spokesperson for Trusted Information
Systems, says Kerrey was misunderstood. "In the
briefing afterwards, I found out he didn't mean that
at all. He meant import controls, but more regulation
than restriction. The same way they wouldn't let a car
with faulty steering controls in the country. He meant
more quality control," Franklin says. (I don't know
about you, but I'm not convinced.)

     But the real question is: Why does Kerrey think
this rat-bastard bill has any chance of passing
through Congress, especially when there's already
legislation that would generally relax controls on
crypto? After all, Rep. Bob Goodlatte (R-Va.)'s "SAFE"
bill already has 86 cosponsors and shot out of
subcommittee last week. Sen. Conrad Burns' (R-Mont.)
"Pro-CODE" bill is headed for markup next month.

     The answer is simple: this a trading chit that
the White House and the Democratic leadership can play
to water down the Burns and Goodlatte bills, and
perhaps meld all three together.

     The Democratic strategy makes sense. Members of
Congress are driven by a fierce, desperate urge to
compromise. The drive is primal: legislators are
compelled to find a middle ground. But to their
chagrin, crypto doesn't offer one. Either you keep a
copy of the electronic keys to your files or someone
else does -- which is exactly what the White House
wants. Either you're free to speak privately over the
Net using PGP, or you're not -- which is exactly what
the White House also wants.

     This may seem like a lot of high-powered
attention on an obscure subject; after all, encryption
does nothing more than scramble, verify and reassemble
bits of information. Besides ensuring that your
messages are private, encryption provides the
protocols for scrambling credit card numbers and
minting electronic coins. It allows digital
signatures, proofs of identity online, digital time
stamps and even secure electronic voting. It lets
anonymous remailers exist. It supplies the foundation
and steel girders for an information society.

     Kerrey's sudden interest in cryptologic arcana
likely stems from a recent addition to his staff:
policy aide Chris McLean.

     McLean is hardly a friend of the Net. While in
former Sen. Jim Exon's (D-Neb.) office, McLean drafted
the notorious Communications Decency Act and went on
to prompt Exon to derail "Pro-CODE" pro-encryption
legislation last fall. Then, not long after McLean
moved to his current job, his new boss stood up on the
Senate floor and bashed Pro-CODE in favor of the White
House party line: "The President has put forward a
plan which in good faith attempts to balance our
nation's interests in commerce, security, and law
enforcement."

     Now, more ominously, McLean just might be Bill
Clinton's appointee to fill a vacant slot at the
Federal Communications Commission. If you think the
White House is out to slam the Net, imagine what the
FCC could do...  

###


-------------------------
Declan McCullagh
Time Inc.
The Netly News Network
Washington Correspondent
http://netlynews.com/